This part of the iSHARE Trust Framework is considered normative and is therefore compliant with RFC 2119.
The warnings, suspension and exclusion process describes the steps that the Satellite/Scheme Owner MUST take to temporarily suspend or permanently exclude participating parties from the data space/iSHARE Network in case of non-compliance with scheme rules and guidelines, or actions with significant negative impact on the normal operation of the data space/iSHARE Network.
Three classifications of non-compliance are recognised within the iSHARE Trust Framework. Note that the impact or risk described is non-exhaustive.
Classification | Impact or risk |
---|---|
Minor non-compliance | |
Major non-compliance | |
Critical non-compliance | |
*Data includes the data used for identification, authentication and authorisation purposes in the context of data exchange, but NOT the contents of the actual data exchange.
- Warnings are cautionary advice about non-compliance, about what is needed to rectify non-compliance, and by when;
- Suspension involves temporary deactivation of adhering/certified credentials within the iSHARE network;
- Exclusion involves permanent deactivation of adhering/certified credentials within the iSHARE network of the excluded party, and involves an iSHARE network wide notification of exclusion for information purposes.
Before the Satellite/Scheme Owner issues warnings, suspends or even excludes parties, it MUST take into consideration and/or weigh the interests of the iSHARE Trust Framework and the data space/iSHARE network (i.e. all Adhering/Certified Parties).
Goal
The goal of the warnings, suspension and exclusion process is to warrant trust in the iSHARE Trust Framework, as well as to protect the confidentiality and/or integrity of (data within) the data space/iSHARE network.
Responsibilities
Several parties have responsibilities and tasks in the warnings, suspension and exclusion process:
- The Steering/Facilitating party is responsible for facilitation of the process, to protect the confidentiality and/or integrity of (data within) the data space or iSHARE Network.
- The Reporting party can be any party that reports non-compliance.
- The Non-compliant Party is responsible for acting, at all times but especially after receiving a warning or suspension, in line with the Trust Framework's rules and guidelines.
Non-compliant party | Reporting party | Steering (facilitating) party |
---|---|---|
Adhering party | Any | Satellite |
Certified party | Any | Satellite |
Satellite | Any | Scheme Owner |
Sequence
1. The reporting party reports non-compliance to the Steering party, including an estimation of the non-compliance classification;
2. The Steering party assesses the non-compliance and the estimated non-compliance classification by the reporting party, and:
   a. Accepts the non-compliance classification and moves to step 3; or
   b. Changes the non-compliance classification and moves to step 3; or
   c. Rejects the reported behaviour as non-compliance, and communicates why to the reporting party.
3. If non-compliance leads to a minor incident, calamity or crisis, the incident management process is initiated.
4. The Steering party registers the non-compliance and:
   a. If classified as minor non-compliance, notifies the non-complying party of its non-compliance, the reason(s), and the rectifications/adjustments needed within what timespan;
   b. If classified as major non-compliance, issues the non-complying party an official warning, and communicates its reason(s) and the rectifications/adjustments needed within what timespan;
   c. If classified as critical non-compliance, suspends the non-complying party, by updating the party's status in the satellite registry to 'revoked', until necessary rectifications/adjustments are in place. The Satellite communicates this suspension to the data space and the Scheme Owner to the iSHARE network.
5. The non-complying party either:
   a. Rectifies or adjusts within the indicated time span, and informs the Steering party of the rectifications/adjustment; or
   b. Communicates its disagreement with the notification/warning to the Steering party within 5 working days, to which the Steering party MUST reply within 5 working days. The non-complying party is given another 5 working days to respond to the Steering party's latest reply (which can include adjustments to its earlier notification/warning); or
   c. Does not take any action.
6. If sufficient rectifications/adjustments follow in time, step 8 follows. Otherwise, the Steering party:
   a. If classified as minor non-compliance:
      - Issues the non-complying party a warning, and communicates its reason(s) and the rectifications/adjustments needed within what timespan.
   b. If classified as major non-compliance:
      - Issues the non-complying party a last warning before suspension, and communicates its reason(s) and the rectifications/adjustments needed within what timespan in order not to be suspended.
   c. If classified as critical non-compliance:
      - Issues the non-complying party a last warning before exclusion, and communicates its reason(s) and the rectifications/adjustments needed within what timespan in order not to be excluded.
7. If the non-complying party continues to dishonour the (final) warning after a reasonable time, the Steering party:
   a. If classified as minor non-compliance:
      - Upscales the non-compliance level to major and goes back to step 6b.
   b. If classified as major non-compliance:
      - Upscales the non-compliance level to critical and goes back to step 4c.
   c. If classified as critical non-compliance:
      - The Steering party terminates the participation of the non-compliant party by cancellation of the Accession Agreement;
      - Excludes the non-complying party from the data space/iSHARE Network, by updating the party's status in the satellite registry to 'ended', and initiates its withdrawal in line (as much as is reasonable) with the withdrawal process;
      - The Steering party communicates this exclusion to the data space/iSHARE network. The excluded party will not be allowed to take part in the admission process for the next 12 months. Step 7c is followed by step 9.
8. The Steering party considers (new) actions taken by the party adequate, considers the notification or warning honoured and closes the process;
9. The Steering party evaluates the incident with the reporting and/or (an)other party(ies), and registers the evaluation for future learning.